Botnets may be a growing problem on PCs, but security vendor Trend Micro how discovered mobile phones are also now being targeted and used as bots on a botnet.

This new malware targets the Symbian OS specifically and is being called SYMBOS_YXES.B and an earlier variant SYMBOS_YXES.A. Both manage to infiltrate a phone by posing as a well-known application called ACSServer.exe. Once on the phone it gathers up your personal information including subscriber, phone, and network details, and then transmits them to a website.

As well as stealing your details the malware then goes on to start sending spam to everyone on your contact list, which may also include attempting to infect those phones with the same malware. The worst case scenario is a growing mobile network of spam sent via this new smartphone-based botnet.

The thing that has surprised Trend Micro the most is that the A and B variants of this malware are both signed applications. Signing means checking an application to make sure it isn’t malicious so a user can trust it and is currently carried out by Symbian Signed, part of the Symbian Foundation. For this malware to be signed means it must have gone through the signing process begging the question: how did it get through the checks?

Matthew’s Opinion
The existence of such a botnet means a number of things. First of all, protecting your mobile device with security software is becoming a necessity. Secondly, the Symbian app signing process looks to be flawed meaning measures need to be taken fast to fix that floor, plus a review of signed apps needs to be carried out to ensure there are no further malicious apps out there masquerading as legitimate software.

Malware on mobile phones was inevitable. The increased processing power, storage, and communication features meant hackers would eventually target mobile platforms. There are after all millions of users out there using connected devices and very little protection. It is a very tempting arena for hackers to jump into don’t you think? And mobile phones acting as payment devices is just around the corner.